Analysis Overview
SHA256
354257dc6e4704844cb01aa811ce141358cd49e7c523f717bb43b6a3a099fb89
Threat Level: Known bad
The file 354257dc6e4704844cb01aa811ce141358cd49e7c523f717bb43b6a3a099fb89.apk was found to be: Known bad.
Malicious Activity Summary
FluBot
FluBot Payload
Requests dangerous framework permissions
Loads dropped Dex/Jar
Requests enabling of the accessibility settings.
Uses reflection
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-08-20 07:03
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-08-20 07:03
Reported
2021-08-20 07:06
Platform
android-x86-arm
Max time kernel
1650578s
Command Line
Signatures
FluBot
FluBot Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.autonavi.minimap/code_cache/secondary-dexes/base.apk.classes1.zip | N/A | N/A |
Requests enabling of the accessibility settings.
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Intent action | android.settings.ACCESSIBILITY_SETTINGS | N/A | N/A |
Uses reflection
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Invokes method android.view.ViewGroup.makeOptionalFitsSystemWindows | N/A | N/A | N/A |
| Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | N/A | N/A | N/A |
Processes
com.autonavi.minimap
com.autonavi.minimap
/system/bin/dex2oat
Network
Files
/data/user/0/com.autonavi.minimap/code_cache/secondary-dexes/MultiDex.lock
/data/user/0/com.autonavi.minimap/code_cache/secondary-dexes/tmp-base.apk.classes1989932189699479524.zip
/data/user/0/com.autonavi.minimap/code_cache/secondary-dexes/base.apk.classes1.zip.x86.flock
/data/user/0/com.autonavi.minimap/code_cache/secondary-dexes/oat/x86/base.apk.classes1.vdex
/data/user/0/com.autonavi.minimap/code_cache/secondary-dexes/oat/x86/base.apk.classes1.odex
/data/user/0/com.autonavi.minimap/shared_prefs/multidex.version.xml
/data/user/0/com.autonavi.minimap/code_cache/secondary-dexes/base.apk.classes1.zip
/data/user/0/com.autonavi.minimap/shared_prefs/Voicemail.xml